01-28-2016 09:32 AM - edited 03-12-2019 12:12 AM
Dear All,
Thank you so much in advance for your help, I just got stuck on an issue.
I implemented ZBF on a Cisco router but due to some reasons I am unable to access web services from the internet. Packets are hitting the ACL and showing the count as well, also showing in ip nat translations, but again unable to access the services.
my configuration file is attached.
Thanks.
01-28-2016 10:17 AM
Hi Faisal
Please try to add the following to mitigate the same issue:
ip access-list extended TEST
 permit ip host <outside_ip> any
!
class-map type inspect match-any SELF->OUTSIDE
 match access-group name TEST
!
policy-map type inspect SELF->OUTSIDE
 class type inspect SELF->OUTSIDE
  inspect
 class class-default
  drop log
!
zone-pair security SELF->OUTSIDE source self destination OUTSIDE
 service-policy type inspect SELF->OUTSIDE
Let me know how it went.
Regards
Jagmeet
01-28-2016 10:20 AM
Just a modification in the access-list:
ip access-list extended TEST
 permit ip host <outside_ip> any
 permit tcp 192.168.0.0 0.0.0.255 any eq www
 permit tcp 192.168.0.0 0.0.0.255 any eq 443
 permit tcp 192.168.0.0 0.0.0.255 any eq ftp
 permit tcp host 192.168.0.100 any eq smtp
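As an added example that is not part of this thread or of Cisco's own tooling: a small Python audit that parses the zone-pair and policy-map blocks of an IOS running-config and flags what is worth checking before applying the suggestion above: a zone-pair with no service-policy attached, a class-default that is not drop, or a policy with no inspect class (so return traffic for that pair is not tracked). The embedded config is constructed from Jagmeet's SELF->OUTSIDE snippet plus an assumed INSIDE->OUTSIDE pair and an assumed OUTSIDE->self pair with no policy; the attached config from the question is not available here.

```python
import re
# Constructed sample (not the attached config): Jagmeet's policy plus assumed INSIDE->OUTSIDE and OUTSIDE->self pairs.
SAMPLE_CONFIG = """\
policy-map type inspect SELF->OUTSIDE
 class type inspect SELF->OUTSIDE
  inspect
 class class-default
  drop log
policy-map type inspect INSIDE->OUTSIDE
 class class-default
  pass
zone-pair security SELF->OUTSIDE source self destination OUTSIDE
 service-policy type inspect SELF->OUTSIDE
zone-pair security INSIDE->OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE->OUTSIDE
zone-pair security OUTSIDE->SELF source OUTSIDE destination self
"""
def parse_zbf(config):
    """Return (pairs: name -> {source, destination, policy}, policies: name -> {class -> action})."""
    pairs, policies, pair, policy, cls = {}, {}, None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # a top-level command (or "!") ends any sub-mode
            pair = policy = cls = None
            if m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)$", line):
                pair = m[1]
                pairs[pair] = {"source": m[2], "destination": m[3], "policy": None}
            elif m := re.match(r"policy-map type inspect (\S+)$", line):
                policy, policies[m[1]] = m[1], {}
        elif pair and (m := re.match(r"service-policy type inspect (\S+)$", line)):
            pairs[pair]["policy"] = m[1]
        elif policy and (m := re.match(r"class (?:type inspect )?(\S+)$", line)):
            cls = m[1]
        elif policy and cls:
            policies[policy][cls] = line  # action under the class: inspect / pass / drop [log]
    return pairs, policies

def audit_zbf(config):
    """Flag pairs with no policy, a class-default that is not drop, or no inspect class."""
    pairs, policies = parse_zbf(config)
    findings = []
    for name, zp in pairs.items():
        classes = policies.get(zp["policy"])
        if classes is None:
            findings.append(f"{name}: no service-policy attached or policy-map undefined")
        elif classes.get("class-default") not in ("drop", "drop log"):
            findings.append(f"{name}: class-default is {classes.get('class-default')!r}, not drop")
        elif "inspect" not in [a for c, a in classes.items() if c != "class-default"]:
            findings.append(f"{name}: no class uses inspect, so return traffic is not tracked")
    return findings
```

Run `audit_zbf(open("running-config.txt").read())` against a saved `show running-config`; the SELF->OUTSIDE pair from the thread passes all three checks, while the two assumed pairs each produce one finding.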
01-28-2016 12:38 PM
Hi Jagmeet,
Thanks for your reply,
When I applied this, it blocked all my inside to outside traffic.
01-28-2016 12:48 PM
Hi Jagmeet,
I tried this but it blocked all my inside to outside traffic.